With Linux hyped as a very secure and stable operating system compared to Windows, you might be wondering why anyone would need security tools for Linux. You are right: Linux is a secure and stable OS, but it is still vulnerable to bugs, security leaks and intrusion attacks, especially if you are using it as a web server. To detect such attacks and security holes, security tools are needed. These can be used to patch up bugs, fix network leaks, and prevent viruses, trojan horses and remote exploits.
1. John the Ripper:

Prevention is better than cure. Strong passwords are the first step in securing your web server. Many web servers get exploited just because of weak passwords. John the Ripper is a password auditing tool that can be used to detect weak passwords on web servers. It checks the passwords against a list of words commonly used and their variants. If the passwords on your web server get cracked by this tool, you have a red alert. Change your password to some uncommon mix of alphanumeric characters.
2. Nmap:

Next on your checklist should be whether any ports have been left open accidentally on your web server. Nmap is just the right tool to help you detect port vulnerabilities and prevent your web server from being exploited. If you find any unwanted ports, close them. It’s better to run nmap from another server.
3. Firestarter:

How do you close an unwanted open port? A firewall is the answer to your problem here. Linux uses iptables to secure and close unwanted ports. You can use Firestarter, which is a front-end tool for iptables, if you find handling iptables from the command line tough. Firestarter is not only easy to use, but it also lets you apply firewall rules with immediate effect from the program itself.
4. Chkrootkit:
What if you feel that the security of your web server has been compromised from the inside? Rootkits are small pieces of software that a hacker might have left hidden on your web server and that might be used to gain access to your machine in the future. Chkrootkit is the tool to detect the presence of these trojan horses. It should be run from a rescue disk like a live CD.
5. GPG:
You can keep data on your web server confidential even if it gets exploited. To prevent hackers from getting away with your data, you can use encryption tools. GPG is one such tool; it uses public key encryption, which makes the data in encrypted files inaccessible to an intruder. There are two sets of keys: one on the disk and one privately held, for example on a removable medium. This makes it tough to get the contents even if the encryption key stored on the disk is known.
6. OpenSSH:
For remote maintenance of your web server, never use telnet. It sends your login information in a way that can easily be sniffed. OpenSSH is the tool that you can use to log in remotely. It uses username and password based authentication to provide a secure encrypted connection over an insecure network like the Internet.
7. Tripwire:
Files on a Linux web server are arranged in their respective directories, with the configuration files under /etc. To verify that the system configuration files have not been manipulated or compromised, an intrusion detection system is used to monitor and report changes to such files. Tripwire is one such tool: it performs this monitoring and sends alerts whenever a file change that could signal a security breach is detected.
8. Wireshark:
With Wireshark you can analyze network data live or from an existing capture file. It can reconstruct a TCP session and supports hundreds of protocols. It is widely used to capture packets across a network and give a detailed visual report. You can use it to sniff packets for troubleshooting and analyzing network problems.
9. Hping:
To audit security and test firewalls, you can use Hping to generate packets over the TCP/IP protocols. It can be used in traceroute mode and has the ability to send files over a covert channel. You can use it for remote OS fingerprinting and uptime guessing.
10. Socat:
Based on netcat, socat lets you read and write data over network connections on TCP and UDP. It can also be used as a network debugging and analysis tool, as it can create many types of connections. It supports SSL encryption and proxies.
In addition to using these tools to secure your web server, you can do basic things like stopping unused services and deleting unwanted CGI applications. Run periodic scans and tests to keep your web server healthy and secure.
You can get all these tools from the repositories of your Linux distro. Live rescue and penetration detection CDs also come with these and many more tools to help you secure your Linux web server.
* * *
Brought to you by The Daily Artisan.